🔬Beta

We're in beta — products are not yet available for purchase.

Everything that makes Vault secure

Complete transparency about our security architecture. No marketing fluff—just technical facts.

Encryption: AES-256-GCM
Key Derivation: Argon2id
Architecture: Zero-Knowledge
Compliance: GDPR

Core Security Foundations

The technical pillars that protect your data

Zero-Knowledge Architecture

Only you know what's stored in your vault. All encryption and decryption happens right on your device—by the time your data reaches our servers for backup and sync, it's already encrypted. We never see your Master Password or your unencrypted data.

What this means: Even if our servers were breached, attackers would only find encrypted data that cannot be decrypted without your Master Password.

AES-256-GCM Encryption

We use AES-256-GCM—the same military-grade encryption standard trusted by governments and banks worldwide. The GCM (Galois/Counter Mode) variant includes authentication tags that prevent any tampering with your encrypted data.

Technical depth: 256-bit keys provide 2^256 possible combinations—more than atoms in the observable universe. Current computing power would take billions of years to crack.

Argon2id Key Derivation

Your Master Password is transformed into an encryption key using Argon2id—the winner of the Password Hashing Competition and the most secure key derivation function available. Combined with a unique cryptographic salt, this makes brute-force attacks prohibitively expensive.

Attack economics: A brute-force attack would cost millions of dollars in computing power, making it economically unfeasible for attackers.

Cryptographic Salt

Every user gets a unique cryptographic salt—random data added to your Master Password before hashing. This makes rainbow table attacks completely useless, as even users with identical passwords will have different hash outputs.

Pre-computed defense: Attackers cannot use pre-computed hash tables because every user's salt is unique and randomly generated.

How Your Data is Protected

The complete encryption pipeline from your device to our servers

1. You Create a Master Password

You choose a strong Master Password that only you know. This password never leaves your device and is never transmitted to our servers. We don't store it, we can't see it, and we can't recover it for you.

Local-only • Never transmitted

2. Argon2id + Salt Creates Master Key

When you log in, your Master Password is combined with a unique cryptographic salt and processed through Argon2id. This creates your Master Key—a deterministic encryption key that's computationally expensive to derive.

Argon2id • 16-byte salt • Time cost: 3 • Memory cost: 64 MB

3. AES-256-GCM Encrypts Your Secrets

Your Master Key encrypts all your secrets using AES-256-GCM. The GCM mode adds authentication tags to every encrypted item, ensuring that any tampering attempts are immediately detected when you try to decrypt.

AES-256-GCM • AEAD • Authentication tags

4. Encrypted Data Syncs to Cloud

Only the encrypted ciphertext is transmitted to our servers for backup and sync. We receive scrambled data that's mathematically impossible to decrypt without your Master Password. Your encryption keys never leave your device.

End-to-end encrypted • Zero-knowledge
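The four-step pipeline above, written out as an added example (this is not Vault's own code). It uses the parameters the page states (Argon2id, 16-byte salt, time cost 3, 64 MB memory, AES-256-GCM) and assumes the argon2-cffi and cryptography packages; the single Argon2 lane, the 12-byte GCM nonce and binding the vault item id as associated data are assumptions not stated on the page.

```python
import os
from argon2.low_level import Type, hash_secret_raw          # argon2-cffi package
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.exceptions import InvalidTag

# Page parameters: Argon2id, 16-byte salt, time cost 3, memory 64 MB. Parallelism and nonce size are assumptions.
SALT_LEN = 16
NONCE_LEN = 12
ARGON2_TIME_COST = 3
ARGON2_MEMORY_KIB = 64 * 1024
ARGON2_PARALLELISM = 1

def derive_master_key(master_password: str, salt: bytes) -> bytes:
    """Step 2: Argon2id(password, salt) -> 32-byte AES-256 key; deterministic for the same inputs."""
    return hash_secret_raw(secret=master_password.encode("utf-8"), salt=salt,
                           time_cost=ARGON2_TIME_COST, memory_cost=ARGON2_MEMORY_KIB,
                           parallelism=ARGON2_PARALLELISM, hash_len=32, type=Type.ID)

def encrypt_secret(master_key: bytes, plaintext: bytes, item_id: bytes) -> bytes:
    """Step 3: AES-256-GCM with a fresh random nonce per item. The item id is bound as
    associated data so a ciphertext cannot be silently swapped onto another vault entry."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + AESGCM(master_key).encrypt(nonce, plaintext, item_id)

def decrypt_secret(master_key: bytes, blob: bytes, item_id: bytes):
    """Returns plaintext, or None when the GCM tag check fails (tampering, wrong key or item id)."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    try:
        return AESGCM(master_key).decrypt(nonce, ciphertext, item_id)
    except InvalidTag:
        return None

def open_vault_item(master_password: str, salt: bytes, blob: bytes, item_id: bytes):
    """Client-side login path using only what the server stores: the salt and the blob."""
    return decrypt_secret(derive_master_key(master_password, salt), blob, item_id)

def tamper_is_detected(master_key: bytes, blob: bytes, item_id: bytes) -> bool:
    """Flip one ciphertext bit (just after the nonce); the authentication tag must reject it."""
    tampered = bytearray(blob)
    tampered[NONCE_LEN] ^= 0x01
    return decrypt_secret(master_key, bytes(tampered), item_id) is None

if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)                      # unique per user, generated once
    key = derive_master_key("correct horse battery staple", salt)
    blob = encrypt_secret(key, b"ghp_constructed_example_token", b"item:github-token")
    # Step 4: only (salt, blob) leave the device; neither reveals the password or the key.
    print(open_vault_item("correct horse battery staple", salt, blob, b"item:github-token"))
    print(open_vault_item("wrong password", salt, blob, b"item:github-token"))   # None
    print(tamper_is_detected(key, blob, b"item:github-token"))                   # True
```

The sample token and salt are constructed values; the same salt always yields the same key, so a stored salt is all the client needs to rebuild the key on login.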

The Bottom Line

Even if someone hacked our servers, stole the database, and had unlimited computing power—they still couldn't decrypt your secrets without your Master Password. That's the power of zero-knowledge end-to-end encryption with modern cryptography.

Local-First Architecture

Your data lives on your machine. No surveillance, no tracking.

No Data Collection

We don't collect usage data, telemetry, or analytics. Your passwords and secrets stay completely private on your device.

Offline-First Design

All core features work offline. Password management and secure storage don't require an internet connection. Cloud sync is optional.

Optional Cloud Sync

Choose to enable encrypted cloud sync for passwords and settings. Even when syncing, your data is encrypted on your device before transmission.

What Happens If We're Breached?

Transparency about the worst-case scenario

Hypothetical Breach Scenario

Let's imagine the worst case: attackers gain full access to our servers, steal our entire database, and have unlimited computing resources to attempt decryption.

What Attackers Would Get:

  • Your encrypted vault data (scrambled ciphertext)
  • Your email address (for account identification)
  • Your cryptographic salt (unique per user)
  • Metadata (timestamps, sync info)

What Attackers Would NOT Get:

  • Your Master Password (never stored or transmitted)
  • Your encryption keys (never leave your device)
  • Any unencrypted data (we never see it)
  • Passwords or secrets (all encrypted)

Why Your Data Remains Safe:

Without your Master Password, the encrypted data is mathematically impossible to decrypt in any reasonable timeframe. Argon2id makes brute-force attacks cost millions of dollars in computing power. Rainbow tables don't work because of unique salts. Even quantum computers wouldn't crack AES-256 for decades.

Our commitment: In the unlikely event of a breach, we will immediately notify all users, provide full transparency about what was accessed, and work with security experts to investigate and remediate.

Ready to protect your secrets?

Try Vault free for 14 days. Secure password management with military-grade encryption and zero-knowledge architecture.